What is Rapid7 Insight VM?
Rapid7 Insight VM is a vulnerability scanner that scans EC2 instances for known vulnerabilities.
How to Access Rapid 7 Console?
To access Rapid7, see the credentials in LastPass under the Shared-ecdi-ace-infra folder for the Rapid7 Console. See the notes in the LastPass for this entry to setup the SSH port forward that is needed to access the console.
How to Stop a Rapid7 Vulnerability Scan Manually?
- Log into the Insights VM
- Go to the home page and click on the scan status link of the scan that needs to be stopped.
- Click either stop or pause scan.
Scan Schedule
| Scan Name | Scan Schedule |
|---|---|
| ace-legacy-schedule | Weekly, Wednesday’s @ 9:00 PM PT |
| ace-scvs-schedule | Weekly, Wednesday’s @ 9:15 PM PT |
| ai-spell-schedule | Weekly, Wednesday’s @ 9:30 PM PT |
| ai-alogrithmia-schedule | Weekly, Wednesday’s @ 9:45 PM PT |
| insecure-vpc-schedule | Weekly, Wednesday’s @ 10:00 PM PT |
| ai-spell-cig-schedule | Weekly, Wednesday’s @ 10:15 PM PT |
| ai-spell—mlp-schedule | Weekly, Wednesday’s @ 10:30 PM PT |
Maintenance of System
These are maintenance actives that are needed to ensure the system functions properly. Guides from Rapid7 can be found here for backups and here for data retention settings.
System Backup Configuration
<!— image: image (from original wiki uploads) —>
Routine Maintenance Tasks
<!— image: image (from original wiki uploads) —>
Data Retention Configuration
The specific setting can be found here in the InsightVM once you setup the SSH tunnel
<!— image: image (from original wiki uploads) —>